Taiwanese hardware maker Zyxel says it has no plans to release a patch for two actively exploited vulnerabilities affecting potentially thousands of customers.
Threat intelligence startup GreyNoise warned late last month that a critical-rated zero-day vulnerability impacting Zyxel routers was being actively exploited. GreyNoise said the flaws allow attackers to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration.
Read more…
Source: TechCrunch News
Related:
- Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update
January 27, 2021
Apple continues to put out potential security fires by patching zero-day vulnerabilities, releasing an emergency update this week to patch three more recently discovered in iOS after a major software update in November already fixed three that were being actively exploited. The newly patched bugs are part of a security update released Tuesday for iOS 14.4 ...
- A look at Linux, Threats, Risks, and Recommendations
January 26, 2021
Linux, which started as a personal project 30 years ago, is presently one of the most powerful operating systems dominating cloud platforms and servers around the world today. In fact, Linux usage has now exceeded that of Windows on Azure, Microsoft’s own cloud platform. Linux is also undeniably ubiquitous. According to the Linux Foundation’s 2017 State ...
- DreamBus botnet targets enterprise apps running on Linux servers
January 25, 2021
Chances are that if you deploy a Linux server online these days and you leave even the tiniest weakness exposed, a cybercrime group will ensnare it as part of its botnet. The latest of these threats is named DreamBus. Analyzed in a report published last week by security firm Zscaler, the company said this new threat is ...
- Another ransomware now uses DDoS attacks to force victims to pay
January 24, 2021
Another ransomware gang is now using DDoS attacks to force a victim to contact them and negotiate a ransom. In October 2020, we reported that ransomware gangs were beginning to utilize DDoS attacks against a victims’ network or web site as an extra tool to force them to pay a ransom. At the time, the two ...
- Russian government warns of US retaliatory cyberattacks
January 23, 2021
The Russian government has issued a security warning to organizations in Russia about possible retaliatory cyberattacks by the USA for the SolarWinds breach. Last month, the SolarWinds network management company disclosed that they suffered a sophisticated cyberattack that led to a supply chain attack affecting 18,000 customers. The US government believes that this attack was conducted by ...
- SonicWall firewall maker hacked using zero-day in its VPN device
January 23, 2021
Security hardware manufacturer SonicWall has issued an urgent security notice about threat actors exploiting a zero-day vulnerability in their VPN products to perform attacks on their internal systems. SonicWall is a well-known manufacturer of hardware firewall devices, VPN gateways, and network security solutions whose products are commonly used in SMB/SME and large enterprise organizations. On Friday night, ...